林纳斯·托瓦兹的GitHub账号被黑了吗?
1 分•作者: meel-hd•7 个月前
一个来自 Retro-007 账号 (https://github.com/Retro-007) 的可疑 GitHub 仓库出现了,其描述古怪,类似沙丘电影中的“沙虫”,与我们在“第二次降临”攻击中看到的奇怪的随机仓库模式相符。更奇怪的是,该仓库有一个由 Linus Torvalds (https://github.com/Retro-007/shopbook/commit/99c9ba5e78437ffeea99355439d6d04d470a8eda) 提交的 commit,乍一看像是他的账号被黑了。<p>这种模式可以在其他几十个仓库中看到,它们的描述是“F*K Guillermo, F*K VERCEL --multi”。<p>但实际上,这个 commit 是伪造的 Git 元数据,这是一种已知的伎俩,攻击者可以在没有访问真实用户账号的情况下伪造任何 GitHub 用户,这与“沙虫”攻击背后的生态系统漏洞相同。<p>我过去一周一直在撰写关于这些奇怪遭遇的开端,详见 https://sitezwin.com/posts/2025-11-29-sha-hulud-the-second-coming-encouter。
查看原文
A shady GitHub repo from this account Retro-007 (https://github.com/Retro-007) appeared with a bizarre Shai-Hulud-like description, matching the odd random-repo pattern we saw during the “Second Coming” attack. Even weirder, the repo has a commit by Linus Torvalds (https://github.com/Retro-007/shopbook/commit/99c9ba5e78437ffeea99355439d6d04d470a8eda) that looks at a glance like his account was hacked.<p>This pattern can be seen in dozens of other repos with the description "F*K Guillermo, F*K VERCEL --multi"<p>But, in fact, the commit is forged Git metadata, a known trick where an attacker can fake any GitHub user without having access to the real one, the same ecosystem weakness behind the Shai-Hulud attacks.<p>I've written about the start of these weird encounters in the past week till now on this in https://sitezwin.com/posts/2025-11-29-sha-hulud-the-second-coming-encouter